[
https://issues.apache.org/jira/browse/YARN-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhijie Shen updated YARN-2676:
------------------------------
Attachment: YARN-2676.1.patch
Upload a working in progress patch:
1. Server side: make TimelineAuthenticationFilter extend the common
DelegationTokenAuthenticationFilter and use the related common stuff.
2. Client side: make TimelineClientImpl use the DelegationTokenAuthenticatedURL
and DelegationTokenAuthenticator, which will fail back to pseduo/kerberos
authenticator if DT is not there.
3. Client side: make TimelineClientImpl be friendly to proxy user. Will execute
the http request with real user with the proxy user set as the "doAs" user.
4. Cleanup the unnecessary code, which we used to duplicate for timeline
security.
It is worth mentioning that new http authentication request and response is not
going to be compatible with the prior one. It's difficult to be compatible at
http level, because both header and body are almost different in format.
However, at the point of view of timeline client, the change should be
transparent.
> Timeline authentication filter should add support for proxy user
> ----------------------------------------------------------------
>
> Key: YARN-2676
> URL: https://issues.apache.org/jira/browse/YARN-2676
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
> Attachments: YARN-2676.1.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
